Ethereal on Win32 is a great after-the-fact debugging/analysis tool.
Probably the best.  My favorite part is not only does it open pcap
files, but also GZIPPED pcap files.  It supports a TON of protocols.
http://www.ethereal.com/

However, as for actual packet capture and backend statistics and
organization, I think tcpdump (and associated tools) on *BSD with
full BPF is light years ahead of anything else.  It's the only code out
there given significant attention by the internet community for years.
Yes, sorry, it's not a GUI by itself, but if you know what you are
doing, you can extend tcpdump to all your packet capture needs
with the help of maybe a few other tools out there.  One only needs
to do a search for tcpdump or pcap on sourceforge or freshmeat or
google or some other search engine.  tcpdump uses the Berkeley
Packet Filter (BPF) and libpcap.  http://www.tcpdump.org/

I have noticed one company that has a most interesting offering,
Niksun, http://www.niksun.com/, has a product called NetVCR
which seems more capable than just "a web-based SnifferPro-like tool".
The collection and distributed features of the product seem very
useful; it's more of a monitoring/statistics tool that scales to almost
any traffic/bandwidth equation.  This stuff may cost a lot, but it's
definitely light years ahead of Distributed SnifferPro or any other
commercial packet capture tool.

Speaking of scaling to almost any amount of traffic, our next-generation
sniffers are probably going to have to be driven by hardware.  One
current possibility for this is Foundry's JetCore ASIC in their switch
products.  Foundry is building XRMON and sFlow (http://www.inmon.com/)
software into this chip.  This means you can do packet capture at
multiple Gbps and get the details of every frame across the wire.  Now
you just have to write it to disk...

-dre

"Steven A. Ridder" wrote in message news:[EMAIL PROTECTED]...
> Ethereal.  It's been ported from Linux to Win32.  It's lightweight.  But
> it's not perfect and can crash.
>
> www.ethereal.com
>
> If you use Windows 2000 or XP, just be sure to install the winpcap driver
> 2.3 beta.  Otherwise 2.2 should work.
>
> http://netgroup-serv.polito.it/winpcap/




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=31333&t=31296